Add regex_substring Jinja filter for searching for a pattern in a provided string and
returning the result. (improvement)

Contributed by mierdin. #3482

Add test coverage and test timing capabilities to st2-run-pack-tests.
The -c option enables test coverage and the -t option enables test timings.
These capabilities have also been enabled in the ci pipeline for packs in the exchange.

Contributed by Nick Maludy. #3508

Update st2 CLI so it also displays “there are more results” note when -n flag is
used and there are more items available. (improvement) #3552

Add ability to explicitly set stream_url in st2client. (improvement) #3432

Add support for handling arrays of dictionaries to st2config CLI command. (improvement)
#3594

Don’t automatically append .git suffix to repo URIs passed to packs.download action.
This fixes a bug and now action also works with repo urls which don’t contain .git suffix.
(bug fix)

Contributed by carbineneutral. #3534 #3544

st2 pack commands now work when StackStorm servers are behind a HTTP/HTTPS proxy. You can set
http_proxy or https_proxy environment variables for st2api and st2actionrunner
processes and pack commands will work with proxy. Refer to documentation for details on
proxy configuration. (bug-fix) #3137

Fix API validation regression so all input data sent to some POST and PUT API endpoints is
correctly validated. (bug fix) #3580

Fix an API bug and allow users to create rules which reference actions which don’t yet exist in
the system when RBAC is enabled and user doesn’t have system admin permission. (bug fix)
#3572 #3573

Reported by sibirajal.

Add a check to make sure action exists in the POST of the action execution API. (bug fix)

Fix api key generation, to use system user, when auth is disabled. (bug fix) #3578 #3593

Add support for passphrase parameter to remote-shell-script runner and as such, support
for password protected SSH key files. (improvement)

Reported by Sibiraja L, Nick Maludy.

Add json_escape Jinja filter for escaping JSON strings. (improvement)

Contributed by mierdin. #3480

Print a note to stderr if there are more entries / results on the server side which are displayed
to the user for the following list CLI commands: rule, execution,
rule-enforcment, trace and trigger-instance.
Default limit is 50. (improvement)

Update st2run / st2executionrun command to display result of workflow actions when
they finish. In the workflow case, result of the last task (action) of the workflow is used.
(improvement) #3481

Update Python runner so it mimics behavior from StackStorm pre 1.6 and returns action result as
is (serialized as string) in case we are unable to serialize action result because it contains
non-simple types (e.g. class instances) which can’t be serialized.

In v1.6 we introduced a change when in such instances, we simply returned None as result
and didn’t log anything which was confusing. (improvement) #3489

Update action-chain runner so a default value for display_published runner parameter is
True. This way it’s consistent with Mistral runner behavior and intermediate variables
published inside action-chain workflow are stored and displayed by default. #3518 #3519

Notifier now consumes ActionExecution queue as opposed to LiveAction queue. With this
change, the Jinja templates used in notify messages that refer to keys in ActionExecution
resolve reliably. Previously, there was a race condition in which a LiveAction would have
been updated but ActionExecution was not and therefore, the jinja templates weren’t reliably
resolved. (bug-fix) #3487 #3496

Reported by Chris Katzmann, Nick Maludy.

Deprecate results_tracker config group and move configuration variables to resultstracker
group instead. If you have results_tracker config group in the config, it is recommended
to switch to resultstracker instead. (bug-fix) #3500

Correctly use service token TTL when generating temporary token for datastore service. This
fixes a bug and allows user to set TTL value for non service tokens to less than 24 hours.
(bug fix) #3523 #3524

Introduce new CAPABILITIES constant on auth backend classes. With this constant, auth
backends can advertise functionality they support (e.g. authenticate a user, retrieve information
about a particular user, retrieve a list of groups a particular user is a member of).
(new feature)

Add support for automatic RBAC role assignment based on the remote auth backend groups user is a
member of (e.g. LDAP groups) and mappings defined in /opt/stackstorm/rbac/mappings directory.

Note: This functionality is currently implemented for enterprise LDAP auth backend and only
available in enterprise edition.
(new feature)

Allow user to specify a custom list of attribute names which are masked in the log messages by
setting log.mask_secrets_blacklist config option. (improvement)

Linux file watch sensor is now disabled by default. To enable it, set enabled:true in
/opt/stackstorm/packs/linux/sensors/file_watch_sensor.yaml

Update the code so user can specify arbitrary default TTL for access tokens in st2.conf and
all the StackStorm services which rely on access tokens still work.

Previously, the lowest TTL user could specify for all the services to still work was 24 hours.
This has been fixed and the default TTL specified in the config now only affects user access
tokens and services use special service access tokens with no max TTL limit. (bug fix)

Reported by Jiang Wei. #3314 #3315

Update /executions/views/filters API endpoint so it excludes null / None from filter values
for fields where null is not a valid field value. (improvement)

Contributed by Cody A. Ray. #3193

Require ACTION_VIEW permission type to be able to access entry_point and parameters actions
view controller. (improvement)

Update /v1/rbac/permission_types and /v1/rbac/permission_types/<resourcetype> API
endpoint to return a dictionary which also includes a description for each available
permission type. (improvement)

Switch file_watch_sensor in Linux pack to use trigger type with parameters. Now you can add a
rule with file_path and sensor will pick up the file_path from the rule. A sample rule
is provided in contrib/examples/rules/sample_rule_file_watch.yaml. (improvement)

Cancel actions that are Mistral workflow when the parent workflow is cancelled. (improvement)

Update /v1/rbac/roles API endpoint so it includes corresponding permission grant objects.
Previously it only included permission grant ids. (improvement)

When RBAC is enabled and action is scheduled (ran) through the API, include rbac dictionary
with user and rolesaction_context attribute. (improvement)

Make the query interval to third party workflow systems (including mistral) a configurable
value. You can now set query_interval in [results_tracker] section in /etc/st2/st2.conf.
With this, the default query interval is set to 20s as opposed to 0.1s which was rather aggressive
and could cause CPU churn when there is a large number of outstanding workflows. (improvement)

Let st2packinstall register all available content in pack by default to be consistent with
st2packregister. (improvement) #3452

The dest_server parameter has been removed from the linux.scp action. Going forward simply
specify the server as part of the source and / or destination arguments. (improvement)
#3335 #3463 [Nick Maludy]

Add missing database indexes which should speed up various queries on production deployments with
large datasets. (improvement)

Use a default value for a config item from config schema even if that config item is not required
(required:false). (improvement)

Reported by nmlaudy. #3468 #3469

Removing empty config.yaml for packs pack so warning isn’t thrown by default now that deprecation
warning is in place. (improvement)

Fix a bug where trigger parameters and payloads were being validated regardless of the relevant settings
in the configuration (system.validate_trigger_payload, system.validate_trigger_parameters). (bug fix)

Fix system=True filter in the /v1/rbac/roles API endpoint so it works correctly. (bug fix)

Fix a bug in query base module when outstanding queries to mistral or other workflow engines
could cause a tight loop without cooperative yield leading to 100% CPU usage by st2resultstracker
process. (bug-fix)

Ignore unicode related encoding errors which could occur in some circumstances when
packs.setup_virtualenv fails due to a missing dependency or similar. (improvement, bug fix)
#3337 [Sean Reifschneider]

Update st2-apply-rbac-definitions so it also removes assignments for users which don’t exist
in the database. (improvement, bug fix)

Make sure all the role assignments for a particular user are correctly deleted from the database
after deleting an assignment file from /opt/stackstorm/rbac/assignments directory and running
st2-apply-rbac-definitions tool. (bug fix)

Allow user to specify which branch of st2tests repository to use by passing -b option to
st2-self-check script. (improvement)

Update tooz library to the latest version (v1.15.0). Using the latest version means
StackStorm now also supports using consul, etcd and other new backends supported by
tooz for coordination. (improvement)

Fix st2ctlreload command so it preserves exit code from st2-register-content script and
correctly fails on failure by default.

Fix base action alias test class (BaseActionAliasTestCase) so it also works if the local pack
directory name doesn’t match the pack name (this might be the case with new pack management
during development where local git repository directory name doesn’t match pack name) (bug fix)

Fix a bug with default values from pack config schema not being passed via config to Python
runner actions and sensors if pack didn’t contain a config file in /opt/stackstorm/configs
directory. (bug fix)

Reported by Jon Middleton.

Make various improvements and changes to st2-run-pack-tests script so it works out of the box
on servers where StackStorm has been installed using packages. (improvement)

Fix a bug with authentication middleware not working correctly when supplying credentials in an
Authorization header using basic auth format when password contained a colon (:).

Note: Usernames with colon are still not supported. (bug fix)

Contributed by Carlos.

Update st2-run-pack-tests script so it doesn’t try to install global pack test dependencies
(mock, unittest2, nose) when running in an environment where those dependencies are already
available.

Make sure remote command and script runner correctly close SSH connections after the action
execution has completed. (bug fix)

Reported by Nagy Krisztián.

Fix a bug with pack configs API endpoint (PUT/v1/configs/) not working when RBAC was
enabled. (bug fix)

Update the dependencies and the code base so we now also support MongoDB 3.4. Officially
supported MongoDB versions are now MongoDB 3.2 and 3.4. Currently default version installed by
the installer script still is 3.2. (improvement)

Validation is only performed if system.validate_trigger_parameters config option is enabled
(it’s disabled by default) and if trigger object defines parameters_schema attribute.

Contribution by Hiroyasu OHYAMA. #3094

Introduce validation of trigger payload for non-system and user-defined triggers which is
performed when dispatching a trigger inside a sensor and when sending a trigger via custom
webhook.

Validation is only performed if system.validate_trigger_payload config option is enabled
(it’s disabled by default) and if trigger object defines payload_schema attribute.

Contribution by Hiroyasu OHYAMA. #3094

Add support for st2 login and st2 whoami commands. These add some additional functionality
beyond the existing st2 auth command and actually works with the local configuration so that
users do not have to.

Add support for complex rendering inside of array and object types. This allows the user to
nest Jinja variables in array and object types.

Add new -j flag to the st2-run-pack-tests script. When this flag is specified script will
just try to run the tests and it won’t set up the virtual environment and install the
dependencies. This flag can be used when virtual environment for pack tests already exists and
when you know dependencies are already installed and up to date. (new feature)

Update st2auth service so it includes more context and throws a more user-friendly exception
when retrieving an auth backend instance fails. This makes it easier to debug and spot various
auth backend issues related to typos, misconfiguration and similar. (improvement)

Let querier plugin decide whether to delete state object on error. Mistral querier will
delete state object on workflow completion or when the workflow or task references no
longer exists. (improvement)`

{{user.}} and {{system.}} notations to access user and system
scoped items from datastore are now unsupported. Use {{st2kv.user.}}
and {{st2kv.system.}} instead. Please update all your content (actions, rules and
workflows) to use the new notation. (improvement)

Fix returning a tuple from the Python runner so it also works correctly, even if action returns
a complex type (e.g. Python class instance) as a result. (bug fix)

Reported by skjbulcher #3133

Fix a bug with packs.download action and as such as packinstall command not working with
git repositories which used a default branch which was not master. (bug fix)

Fix a bug with not being able to apply some global permission types (permissions which are global
and not specific to a resource) such as pack install, pack remove, pack search, etc. to a role
using st2-apply-rbac-definitions. (bug fix)

Fix /v1/packs/views/files/<packreforid> and
/v1/packs/views/file/<packreforid>/<filepath> API endpoint so it
works correctly for packs where pack name is not equal to the pack ref. (bug fix)

Reported by skjbulcher #3128

Improve binary file detection and fix “pack files” API controller so it works correctly for
new-style packs which are also git repositories. (bug fix)

Fix cancellation specified in concurrency policies to cancel actions appropriately. Previously,
mistral workflow is orphaned and left in a running state. (bug fix)

If a retry policy is defined, action executions under the context of a workflow will not be
retried on timeout or failure. Previously, action execution will be retried but workflow is
terminated. (bug fix)

Fix how mistral client and resource managers are being used in the mistral runner. Authentication
has changed in the mistral client. Fix unit test accordingly. (bug fix)

Fix issue where passing a single integer member for an array parameter for an action would
cause a type mismatch in the API (bug fix)

Update /v1/packs/register API endpoint so it throws on failure (e.g. invalid pack or resource
metadata). This way the default behavior is consistent with default
st2ctlreload--register-all behavior.
If user doesn’t want the API endpoint to fail on failure, they can pass
"fail_on_failure":false attribute in the request payload. (improvement)

Throw a more user-friendly exception when registering packs (st2ctlreload) if pack ref /
name is invalid. (improvement)

Update packs.load action to also register triggers by default. (improvement)

Add new stackstorm_version and system fields to the pack.yaml metadata file. Value of
the first field can contain a specific StackStorm version with which the pack is designed to
work with (e.g. >=1.6.0,<2.2.0 or >2.0.0). This field is checked when installing /
registering a pack and installation is aborted if pack doesn’t support the currently running
StackStorm version. Second field can contain an object with optional system / OS level
dependencies. (new feature)

Add new contributors field to the pack metadata file. This field can contain a list of
people who have contributed to the pack. The format is Name<email>, e.g.
TomazMuraus<tomaz@stackstorm.com> (new feature)

Add new POST/v1/actionalias/match API endpoint which allows users to perform ChatOps action
alias matching server-side. This makes it easier to build and maintain StackStorm ChatOps
clients / adapters for various protocols and mediums. Clients can now be very thin wrappers
around this new API endpoint.

Adding ability to pass complex array types via CLI by first trying to
seralize the array as JSON and then falling back to comma separated array.

Add new core.pause action. This action behaves like sleep and can be used inside the action
chain or Mistral workflows where waiting / sleeping is desired before proceeding with a next
task. Contribution by Paul Mulvihill. (new feature) #2933.

Allow user to supply multiple resource ids using ?id query parameter when filtering
“get all” API endpoint result set (e.g. ?id=1,2,3,4). This allows for a better client and
servers performance when user is polling and interested in multiple resources such as polling on
multiple action executions. (improvement)

Add support for ssh config file for ParamikoSSHrunner. Now ssh_config_file_path can be set
in st2 config and can be used to access remote hosts when use_ssh_config is set to
True. However, to access remote hosts, action parameters like username and
password/private_key, if provided with action, will have precedence over the config file
entry for the host. #2941 #3032 #3058 [Eric Edgar] (improvement)

Only valid word characters (a-z, 0-9 and _) used for action parameter
names. Previously, due to bug in the code, any character was allowed.

If validation fails, pack registration will fail. If you have an existing action or pack
definition which uses invalid characters, pack registration will fail. You must update
your packs.

For consistency with new pack name validation changes, sample hello-st2 pack has been
renamed to hello_st2.

Update packs.install action (packinstall command) to only load resources from the
packs which are being installed. Also update it and remove “restart sensor container” step from
the install workflow. This step hasn’t been needed for a while now because sensor container
dynamically reads a list of available sensors from the database and starts the sub processes.
(improvement)

Improve API exception handling and make sure 400 status code is returned instead of 500 on
mongoengine field validation error. (improvement)

Throw a more user-friendly exception if rendering a dynamic configuration value inside the config
fails. (improvement)

Change st2api so that a full execution object is returned instead of an error message, when an
API client requests cancellation of an execution that is already canceled

Speed up short-lived Python runner actions by up to 70%. This way done by re-organizing and
re-factoring code to avoid expensive imports such as jsonschema, jinja2, kombu and mongoengine
in the places where those imports are not actually needed and by various other optimizations.
(improvement)

Remove packs.info action because .gitinfo file has been deprecated with the new pack
management approach. Now pack directories are actual checkouts of the corresponding pack git
repositories so this file is not needed anymore.

Fix packs.uninstall action so it also deletes configs and policies which belong to

the pack which is being uninstalled. (bug fix)

When a policy cancels a request due to concurrency, it leaves end_timestamp set to None which
the notifier expects to be a date. This causes an exception in “isotime.format()”. A patch was
released that catches this exception, and populates payload[‘end_timestamp’] with the equivalent
of “datetime.now()” when the exception occurs.

Allow users to specify sort order when listing traces using the API endpoint by specifying
?sort_desc=True|False query parameters and by passing --sort=asc|desc parameter to
the st2tracelist CLI command. (improvement)

Retry connecting to RabbitMQ on services start-up if connecting fails because
of an intermediate network error or similar. (improvements)

Allow jinja expressions {{st2kv.system.foo}} and {{st2kv.user.foo}} to access
datastore items from workflows, actions and rules. This is in addition to supporting
expressions {{system.foo}} and {{user.foo}}.

Update traces list API endpoint and st2tracelist so the traces are sorted by
start_timestamp in descending order by default. This way it’s consistent with executions
list and -n CLI parameter works as expected. (improvement)

In subsequent releases, the expressions {{system.}} and {{user.}} for accessing
datastore items will be deprecated. It is recommended to switch to using
{{st2kv.system.}} and {{st2kv.user.}} for your content. (improvement)

Update packs.uninstall command to print a warning message if any rules in the system
reference a trigger from a pack which is being uninstalled. (improvement)

Allow user to list and view rules using the API even if a rule in the database references a
non-existent trigger. This shouldn’t happen during normal usage of StackStorm, but it makes it
easier for the user to clean up in case database ends up in a inconsistent state. (improvement)

Allow user to specify an action which is performed on an execution (delay, cancel) when a
concurrency policy is used and a defined threshold is reached. For backward compatibility,
delay is the default behavior, but now users can also specify cancel and an execution will
be canceled instead of delayed when a threshold is reached.

Allow administrator to configure maximum limit which can be specified using ?limit
query parameters when making API calls to get all / list endpoints. For backward compatibility
and safety reasons, the default value still is 100. (improvement)

Include a chatops alias sample in examples pack that shows how to use format option to
display chatops messages in custom formatted way. (improvement)

Include a field elapsed_seconds in execution API response for GET calls. The clients using
the API can now use elapsed_seconds without having to repeat computation. (improvement)

Upgrade to pymongo 3.2.2 and mongoengine 0.10.6 so StackStorm now also supports and works with
MongoDB 3.x. (improvement)

Update action runner to use two internal green thread pools - one for regular (non-workflow) and
one for workflow actions. Both pool sizes are user-configurable. This should help increase the
throughput of a single action runner when the system is not over-utilized. It can also help
prevent deadlocks which may occur when using delay policies with action-chain workflows.
(improvement)

Update CLI commands to make sure that all of them support --api-key option. (bug-fix)

Update st2-register-content script to exit with non-zero on failure (e.g. invalid resource
metadata, etc.) by default. For backward compatibility reasons, --register-fail-on-failure
flag was left there, but it now doesn’t do anything since this is the default behavior. For ease
of migrations, users can revert to the old behavior by using new
--register-no-fail-on-failure flag. (improvement)

Allow Python runner actions to return execution status (success, failure) by returning a tuple
from the run() method. First item in the tuple is a flag indicating success (True /
False) and the second one is the result. Previously, user could only cause action to fail by
throwing an exception or exiting which didn’t allow for a result to be returned. With this new
approach, user can now also return an optional result with a failure. (new feature)

Update st2-register-content script so it validates new style configs in
/opt/stackstorm/configs/ directory when using --register-configs flag if a pack contains
a config schema (config.schema.yaml). (improvement)

Make sure policies which are disabled are not applied. (bug fix)
Reported by Brian Martin.

Fix InternalServerError when an undefined jinja variable is used in action alias ack field.
We now send a http status code 201 but also explicitly say we couldn’t render the ack
field. The ack is anyways a nice-to-have message which is not critical. Previously, we still
kicked off the execution but sent out InternalServerError which might confuse the user
whether execution was kicked off or not. (bug-fix)

Add support for default values when a new pack configuration is used. Now if a default value
is specified for a required config item in the config schema and a value for that item is not
provided in the config, default value from config schema is used. (improvement)

Add support for posixGroup to the enterprise LDAP auth backend. (improvement, bug-fix)

TriggerInstances now have statuses to help track if a TriggerInstance has been processed,
is being processed or failed to process. This bring out some visibility into parts of the
TriggerInstance processing pipeline and can help identify missed events. (new-feature)

Allow user to enable service debug mode by setting system.debug config file option to
True.
Note: This is an alternative to the existing --debug CLI flag which comes handy when running
API services under gunicorn. (improvement)

Add -y / --yaml flag to the CLI list and get commands. If this flag is provided,
command response will be formatted as YAML. (new feature)

Ability to migrate api keys to new installs. (new feature)

Introduce a new concept of pack config schemas. Each pack can now contain a
config.schema.yaml file. This file can contain an optional schema for the pack config.
Site-specific pack configuration is then stored outside the pack directory, in
/opt/stackstorm/configs/<packname>.yaml. Those files are similar to the existing pack
configs, but in addition to the static values they can also contain dynamic values. Dynamic value
is a value which contains a Jinja expression which is resolved to a datastore item during
run-time. (new feature)

Allow administrator user whose context will be used when running an action or re-running an
action execution. (new feature)

Admins will now be able pass --show-secrets when listing api keys to get the key_hash
un-masked on the CLI. (new-feature)

Add --register-triggers flag to the st2-register-content script and st2ctl.
When this flag is provided, all triggers contained within a pack triggers directory are
registered, consistent with the behavior of sensors, actions, etc. This feature allows users
to register trigger types outside the scope of the sensors. (new-feature) [Cody A. Ray]

Lazily establish SFTP connection inside the remote runner when and if SFTP connection is needed.
This way, remote runner should now also work under cygwin on Windows if SFTP related
functionality (file upload, directory upload, etc.) is not used. (improvement)
Reported by Cody A. Ray

API and CLI allow rules to be filtered by their enable state. (improvement)

Send out a clear error message when SSH private key is passphrase protected but user fails to
supply passphrase with private_key when running a remote SSH action. (improvement)

Allow user to specify a timezone in the CLI client config (~/.st2/config). If the timezone is
specified, all the timestamps displayed by the CLI will be shown in the configured timezone
instead of a default UTC display. (new feature)

Add --register-setup-virtualenvs flag to the register-content script and st2ctl.
When this flag is provided, Python virtual environments are created for all the registered packs.
This option is to be used with distributed setup where action runner services run on multiple
hosts to ensure virtual environments exist on all those hosts. (new-feature)

Update core.st2.CronTimer so it supports more of the cron-like expressions (a-b, */a,
x,y,z, etc.). (improvement)

Add new regex and iregex rule criteria operator and deprecate matchregex in favor of
those two new operators. (new-feature) [Jamie Evans]

Add support for better serialization of the following parameter types for positional parameters
used in the local and remote script runner actions: integer, float, boolean,
list, object. Previously those values were serialized as Python literals which made
parsing them in the shell scripts very cumbersome. Now they are serialized based on the simple
rules described in the documentation which makes it easy to use just by using simple shell
primitives such as if statements and IFS for lists. (improvement, new feature)

Add custom use_none Jinja template filter which can be used inside rules when invoking an
action. This filter ensures that None values are correctly serialized and is to be used when
TriggerInstance payload value can be None and None is also a valid value for a particular
action parameter. (improvement, workaround)

Allow /v1/webhooks API endpoint request body to either be JSON or url encoded form data.
Request body type is determined and parsed accordingly based on the value of
Content-Type header.
Note: For backward compatibility reasons we default to JSON if Content-Type header is
not provided. #2473 [David Pitman]

Update matchregex rule criteria operator so it uses “dot all” mode where dot (.)
character will match any character including new lines. Previously * didn’t match
new lines. (improvement)

Move stream functionality from st2api into a new standalone st2stream service. Similar to
st2api and st2auth, stream is now a standalone service and WSGI app. (improvement)

Record failures to enforce rules due to missing actions or parameter validation errors. A
RuleEnforcement object will be created for failed enforcements that do not lead to an
ActionExecution creation. (improvement)

The list of required and optional configuration arguments for the LDAP auth backend has changed.
The LDAP auth backend supports other login name such as sAMAccountName. This requires a separate
service account for the LDAP backend to query for the DN related to the login name for bind to
validate the user password. Also, users must be in one or more groups specified in group_dns to
be granted access.

Drop deprecated and unused system.admin_users config option which has been replaced with
RBAC.

The matchregex rule criteria operator has been deprecated in favor of regex and
iregex.

Mistral has deprecated the use of task name (i.e. $.task1) to reference task result. It is
replaced with a task function that returns attributes of the task such as id, state, result,
and additional information (i.e. task(task1).result).

Make sure setup.py of st2client package doesn’t rely on functionality which is only
available in newer versions of pip.

Fix an issue where trigger watcher cannot get messages from queue if multiple API processes
are spun up. Now each trigger watcher gets its own queue and therefore there are no locking
issues. (bug-fix)

Include ref of the most meaningful object in each trace component. (new-feature)

Ability to hide trigger-instance that do not yield a rule enforcement. (new-feature)

Action and Trigger filters for rule list (new-feature)

Add --register-fail-on-failure flag to st2-register-content script. If this flag is
provided, the script will fail and exit with non-zero status code if registering some resource
fails. (new feature)

Introduce a new abandoned state that is applied to executions that we cannot guarantee as
completed. Typically happen when an actionrunner currently running some executions quits or is
killed via TERM.

Add new st2garbagecollector service which periodically deletes old data from the database
as configured in the config. By default, no old data is deleted unless explicitly configured in
the config.

All published variables can be available in the result of ActionChain execution under the
published property if display_published property is specified.

Allow user to specify TTL when creating datastore item using CLI with the --ttl option.
(improvement)

Add option to rerun one or more tasks in mistral workflow that has errored. (new-feature)

Change the rule list columns in the CLI from ref, pack, description and enabled to ref,
trigger.ref, action.ref and enabled. This aligns closer the UI and also brings important
information front and center. (improvement)

Support for object already present in the DB for st2-rule-tester (improvement)

Throw a more friendly error message if casting parameter value fails because the value contains
an invalid type or similar. (improvement)

Add a missing get_logger method to the MockSensorService`. This method now returns an
instance of Mock class which allows user to assert that a particular message has been
logged. [Tim Ireland, Tomaz Muraus]

Introduce a new timeout action execution status which represents an action execution
timeout. Previously, executions which timed out had status set to failure. Keep in mind
that timeout is just a special type of a failure. (new feature)

Allow jinja templating to be used in message and data field for notifications.(new feature)

Add tools for purging executions (also, liveactions with it) and trigger instances older than
certain UTC timestamp from the db in bulk.

Support for formatting of alias acknowledgement and result messages in AliasExecution. (new feature)

Support for “representation+value” format strings in aliases. (new feature)

Support for disabled result and acknowledgement messages in aliases. (new feature)

Add ability to write rule enforcement (models that represent a rule evaluation that resulted
in an action execution) to db to help debugging rules easier. Also, CLI bindings to list
and view these models are added. (new-feature)

Refactor retries in the Mistral action runner to use exponential backoff. Configuration options
for Mistral have changed. (improvement)

Update action chain runner so it performs on-success and on-error task name validation during
pre_run time. This way common errors such as typos in the task names can be spotted early on
since there is no need to wait for the run time.

Don’t allow action parameter type attribute to be an array since rest of the code doesn’t
support parameters with multiple types. (improvement)

Update local runner so all the commands which are executed as a different user and result in
using sudo set $HOME variable to the home directory of the target user. (improvement)

Include state_info for Mistral workflow and tasks in the action execution result. (improvement)

--debug flag no longer implies profiling mode. If you want to enable profiling mode, you need
to explicitly pass --profile flag to the binary. To reproduce the old behavior, simply pass
both flags to the binary - --debug--profile.

Modify ActionAliasFormatParser to work with regular expressions and support more flexible parameter matching. (improvement)

Fix trigger parameters validation for system triggers during rule creation - make sure we
validate the parameters before creating a TriggerDB object. (bug fix)

Fix a bug with a user inside the context of the live action which was created using alias
execution endpoint incorrectly being set to the system user (stanley) instead of the
authenticated user which triggered the execution. (bug fix)

Allow user to specify URL which Mistral uses to talk to StackStorm API using mistral.api_url
configuration option. If this option is not provided it defaults to the old behavior of using the
public API url (auth.api_url setting). (improvement)

Improve speed of st2executionlist command by not requesting result and
trigger_instance attributes. The effect of this change will be especially pronounced for
installations with a lot of large executions (large execution for this purpose is an execution
with a large result).

Improve speed of st2executionget command by not requesting result and
trigger_instance attributes.

Now when running st2api service in debug mode (--debug) flag, all the JSON responses are
pretty indented.

When using st2executionlist and st2executionget CLI commands, display execution
elapsed time in seconds for all the executions which are currently in “running” state.

Move st2auth service authentication backends to a “repo per backend” model. Backends are now also
dynamically discovered and registered which makes it possible to easily create and use custom
backends. For backward compatibility reasons, flat_file backend is installed and available by
default. (new feature, improvement)

Add support for --profile flag to all the services. When this flag is provided service runs
in the profiling module which means all the MongoDB queries and query related profile data is
logged. (new-feature)

Introduce API Keys that do not expire like Authentication tokens. This makes it easier to work
with webhook based integrations. (new-feature)

Default to rule being disabled if the user doesn’t explicitly specify enabled attribute when
creating a rule via the API or inside the rule metadata file when registering local content
(previously it defaulted to enabled).

Fix packs.info action so it correctly exits with a non-zero status code if the pack doesn’t
exist or if it doesn’t contain a valid .gitinfo file. (bug-fix)

Fix packs.info action so it correctly searches all the packs base dirs. (bug-fix)

Fix a bug in stdout and stderr consumption in paramiko SSH runner where reading a fixed
chunk byte array and decoding it could result in multi-byte UTF-8 character being read half way
resulting in UTF-8 decode error. This happens only when output is greater than default chunk size
(1024 bytes) and script produces utf-8 output. We now collect all the bytes from channel
and only then decode the byte stream as utf-8.

Cleanup timers and webhook trigger definitions once all rules referencing them are removed. (bug-fix)

Last newline character (\n) is now stripped from stdout and stderr fields in local
and remote command/shell runners. (improvement)

Make sure sensor processes correctly pick up parent --debug flag. This makes debugging a lot
easier since user simply needs to start sensor container with --debug flag and all the sensor
logs with level debug or higher will be routed to the container log. (improvement)

private_key supplied for remote_actions is now used to auth correctly. The private_key
argument should be the contents of private key file (of user specified in username argument).
(bug-fix)

Fix sensor container service so the config argument is correctly passed to the sensor
instances in the system packs. Previously, this argument didn’t get passed correctly to the
FileWatchSensor from the system linux pack. (bug-fix)

Information about parent workflow is now a dict in child’s context field. (improvement)

Add support for restarting sensors which exit with a non-zero status code to
the sensor container. Sensor container will now automatically try to restart
(up to 2 times) sensor processes which die with a non-zero status code. (improvement)

Add index to the ActionExecution model to speed up query. (improvement)

Rename notification “channels” to “routes”. (improvement)

Turn on paramiko ssh runner as the default ssh runner in prod configuration.
To switch to fabric runner, set use_paramiko_ssh_runner to false in st2.conf.
(improvement)

Fix bug in triggers emitted on key value pair changes and sensor spawn/exit. When
dispatching those triggers, the reference used didn’t contain the pack names
which meant it was invalid and lookups in the rules engine would fail. (bug-fix)

Handle sudo in paramiko remote script runner. (bug-fix)

Update st2ctl to correctly start st2web even if Mistral is not installed.
(bug-fix, improvement)

Fix a bug in handling positional arguments with spaces. (bug-fix)

Make sure that the $PATH environment variable which is set for the sandboxed Python
process contains <virtualenvpath>/bin directory as the first entry. (bug fix)

Fix packs.setup_virtualenv command so it works correctly if user has specified multiple packs
search paths. (bug-fix)

Update sensor container to use auth.api_url setting when talking to the API (e.g. when
accessing a datastore, etc.). This way it also works correctly if sensor container is running
on a different host than the API. (bug-fix)

Allow user to exclude particular attributes from a response by passing
?exclude_attributes=result,trigger_instance query parameter to the /actionexecutions/
and /actionexecutions/<executionid>/ endpoint (new-feature)

Add new /actionexecutions/<id>/attribute/<attributename> endpoint which allows user to
retrieve a value of a particular action execution attribute. (new-feature)

Allow user to pass --inherit-env flag to the st2actionrun command which causes all
the environment variables accessible to the CLI to be sent as env parameter to the action
being executed. (new-feature)

Cast params of an execution before scheduling in the RulesEngine. This allows non-string
parameters in an action. (new-feature)

Python runner and all the fabric based runners (run-local, run-local-script,
run-remote, run-remote-script) now expose the timeout argument. With this argument
users can specify action timeout. Previously, the action timeout was not user-configurable and
a system-wide default value was used.

The time when an action execution has finished is now recorded and available via the
end_timestamp attribute on the ActionExecution model.

Allow polling sensors to retrieve current poll interval and change it using get_poll_interval
and set_poll_interval methods respectively. (new-feature)

Add support for a standalone mode to the st2auth service. In the standalone mode,
authentication is handled inside the st2auth service using the defined backend. (new feature)